From 7e174f4ebccb5725e32dd5b78385ca0d41395c2c Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 9 Oct 2018 09:49:04 +0200
Subject: terminal-util: extra safety checks when parsing $COLUMNS or $LINES
 (#10314)

Let's make sure the integers we parse out are not larger than USHRT_MAX.
This is a good idea as the kernel's TIOCSWINSZ ioctl for sizing
terminals can't take larger values, and we shouldn't risk an overflow.

(cherry picked from commit d09a71356e3ed78be7cef3cd7d9919dc77508b41)
---
 src/basic/terminal-util.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'src/basic/terminal-util.c')

diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
index f8623f9fd..d8e5d0d2e 100644
--- a/src/basic/terminal-util.c
+++ b/src/basic/terminal-util.c
@@ -830,11 +830,11 @@ unsigned columns(void) {
         if (e)
                 (void) safe_atoi(e, &c);
 
-        if (c <= 0)
+        if (c <= 0 || c > USHRT_MAX) {
                 c = fd_columns(STDOUT_FILENO);
-
-        if (c <= 0)
-                c = 80;
+                if (c <= 0)
+                        c = 80;
+        }
 
         cached_columns = c;
         return cached_columns;
@@ -864,11 +864,11 @@ unsigned lines(void) {
         if (e)
                 (void) safe_atoi(e, &l);
 
-        if (l <= 0)
+        if (l <= 0 || l > USHRT_MAX) {
                 l = fd_lines(STDOUT_FILENO);
-
-        if (l <= 0)
-                l = 24;
+                if (l <= 0)
+                        l = 24;
+        }
 
         cached_lines = l;
         return cached_lines;
-- 
cgit v1.2.3